DSU Computer Clubs Wiki

User Tools

Site Tools

Trace:
cyberconquest

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cyberconquest [2021/12/07 01:52] Charlie Rootcyberconquest [2023/08/23 04:44] (current) Gaelin
Line 1: Line 1:
 ====== CyberConquest ====== ====== CyberConquest ======
  
-Cyber Conquest is an exciting cybersecurity competition that combines both offensive and defensive skillsets into one exciting king-of-the-hill contest. Teams are tasked with defending their own infrastructure while attacking other team’s infrastructure to gain points. Defensive points are gained by keeping your services up and keeping other teams off your systems, and offensive points are gained by planting your flag on opponent’s systems. +Cyber Conquest is a purple-team cybersecurity competition (that is, it combines both offensive and defensive skillsetsinto one king-of-the-hill contest. Teams are tasked with defending their own infrastructure while attacking other team’s infrastructure to gain points. Defensive points are gained by keeping your services up and keeping other teams off your systems, and offensive points are gained by planting your flag on opponent’s systems.
- +
-==== Red and Blue ====+
  
 Successful teams will consist of both attackers and defenders. Teams must communicate and work together to as effective as possible. While good offense informs defense, good defense also informs offense. Successful teams will consist of both attackers and defenders. Teams must communicate and work together to as effective as possible. While good offense informs defense, good defense also informs offense.
  
-**Sign up for our December 7th competition at** [[https://link.defsec.club/CyberConquest|link.defsec.club/CyberConquest]] +==== Defense (Blue) ====
----- +
- +
-==== Objectives ====+
  
 Each team will be given console access to systems that they are responsible for. Similar to defensive competitions like CCDC, each of these systems will be running a set of services that must be maintained in order to gain defender points. Defenders are tasked with securing these systems while maintaining service uptime. A large part of securing these systems will consist of seeking out and destroying enemy persistence. All teams will start with nearly identical systems, so as a secondary objective, defenders should look for vulnerabilities in their systems which their attacker teammates can exploit on other teams. Each team will be given console access to systems that they are responsible for. Similar to defensive competitions like CCDC, each of these systems will be running a set of services that must be maintained in order to gain defender points. Defenders are tasked with securing these systems while maintaining service uptime. A large part of securing these systems will consist of seeking out and destroying enemy persistence. All teams will start with nearly identical systems, so as a secondary objective, defenders should look for vulnerabilities in their systems which their attacker teammates can exploit on other teams.
 +
 +==== Attack (Red) ====
  
 Each team will be given a token. To earn attacker points, the team must hit the scoring engine with that token (via curl, wget, etc). The goal is not to destroy systems but rather to stealthily gain access and plant persistence. Therefore, offensive and defensive points are only awarded if a system’s services are online and functioning. Each team will be given a token. To earn attacker points, the team must hit the scoring engine with that token (via curl, wget, etc). The goal is not to destroy systems but rather to stealthily gain access and plant persistence. Therefore, offensive and defensive points are only awarded if a system’s services are online and functioning.
  
-See the scoring engine information page for more competition-specific information.+=== Persistence Points === 
 + 
 +Hit the scoring engine with an HTTP GET request at where here TOKEN is your team token that we've given to you, and that IP is the scoring engine. <code>http://10.30.0.100/persist/TOKEN</code> You must request that URL from the machine that you've hacked. The engine determines what machine you're on based on its IP address. For example, if your token was soup, you'd prove persistence like this: 
 + 
 +<code> 
 +curl http://10.30.0.100/persist/soup 
 +</code> 
 + 
 +Or on Windows (powershell): 
 +<code> 
 +Invoke-WebRequest -Uri http://10.30.0.100/persist/soup 
 +</code> 
 + 
 +See the [[https://scoring.defsec.club|scoring engine]] for more competition-specific information. 
 + 
 + 
 +=== DakotaCon 10.1 Cyber Conquest === 
 +    * [[https://blog.gael.in/cyberconquest|Infrastructure write up by Gaelin]]
cyberconquest.1638841962.txt.gz · Last modified: 2021/12/07 01:52 by Charlie Root

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki